
Beware of contracting a cryptocurrency-mining virus from Facebook Messenger

David Marcus, Facebook Vice President of Messaging Products, watches a display showing new features of Messenger during the keynote address at the F8 Facebook Developer Conference Tuesday, April 12, 2016, in San Francisco.
Eric Risberg/AP
A lurker in your DMs.
By Karen Hao

Junior Data Scientist & Contributor

This article is more than 2 years old.

A virus that borrows your computer’s processing power to mine cryptocurrency without your knowledge is spreading through Facebook Messenger, security experts at Trend Micro discovered last week. The virus, named Digmine, seems to have originated in South Korea and has also been reported in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. Given the way that it propagates, it could easily reach other countries if Facebook users aren’t careful.

Trend Micro
Digmine propagates by sending executable scripts posing as video files to your Facebook friends via Messenger.

According to Trend Micro, the Digmine malware works by sending victims an executable script posing as a downloadable video file. The file is only malicious if the victim clicks on it within Facebook Messenger in the desktop version of Chrome. When clicked, the script sends users to a decoy video-streaming website while it downloads the malware in the background to begin mining cryptocurrency. Like most cryptocurrency-mining viruses, Digmine mines Monero, a crypto-coin optimized for maintaining the privacy of transactions, which has a current market value of $5.7 billion.
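A defender-side check for the disguise described above, as an added example that is not code from Trend Micro, Facebook or this article: it flags an attachment whose name presents it as a video while its extension or leading bytes say otherwise. The extension lists, the reason labels and every sample filename and byte string are constructed assumptions, not Digmine indicators.

```python
import os

# Illustrative (assumed) extension lists, not taken from the article.
VIDEO_EXT = {".mp4", ".avi", ".mov", ".mkv", ".webm"}
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

def sniff(data: bytes) -> str:
    """Classify file content by its leading magic bytes."""
    if data[:2] == b"MZ":
        return "pe-executable"          # Windows PE/DOS header
    if data[:4] == b"PK\x03\x04":
        return "zip-archive"
    if data[4:8] == b"ftyp":
        return "mp4-video"              # ISO base media file
    if data[:4] == b"\x1aE\xdf\xa3":
        return "matroska-video"         # MKV / WebM (EBML header)
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi-video"
    return "unknown"

def assess(filename: str, data: bytes) -> list:
    """Return the reasons an attachment looks like an executable posing as a video."""
    # Trailing dots and spaces are ignored by Windows and can hide the real extension.
    name = filename.lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    looks_video = ext in VIDEO_EXT or inner_ext in VIDEO_EXT or "video" in stem
    reasons = []
    if inner_ext in VIDEO_EXT and ext in EXEC_EXT:
        reasons.append("double-extension")
    elif looks_video and ext in EXEC_EXT:
        reasons.append("video-name-exec-extension")
    kind = sniff(data)
    if looks_video and kind in ("pe-executable", "zip-archive"):
        reasons.append("content-mismatch:" + kind)
    return reasons

if __name__ == "__main__":
    # Constructed samples: (filename, first bytes of the file)
    samples = [
        ("holiday_clip.mp4.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
        ("holiday_clip.mp4", b"\x00\x00\x00\x18ftypmp42"),
        ("video_1234.exe", b"MZ\x90\x00"),
    ]
    for fname, head in samples:
        print(fname, "->", assess(fname, head) or "no mismatch")
```
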

If the user’s Facebook account is set to log in automatically, it also sends the malicious file to all of the account’s friends via Messenger. The effect is that it looks like a Facebook friend has chatted you a video.

Trend Micro also warns that because of the way Digmine is built—its code is pushed from a server each time a user runs the executable script—the malware can also be updated to do more harmful things as it spreads. Though it currently only uses Facebook for propagation, it appears easy enough for hackers to modify the virus to also steal an account’s personal data.

Incidents of malware that hacks computers to mine cryptocurrencies have surged six-fold this year, according to IBM Managed Security Services. Such malware is typically designed to stay in the victim’s system for as long as possible and infect as many machines as possible. “Bigger victim pools equate to potentially bigger profits,” Trend Micro wrote. “The fact that they’re piggybacking on popular platforms such as social media to spread their malware is unsurprising,” and makes it increasingly important to keep social media accounts secure.

In response to Trend Micro’s findings, Facebook promptly removed many of the Digmine-related links from its platform and said in an official statement that it has several systems in place to automatically scan for and remove harmful links and files from Facebook and Messenger. It also provides a free anti-virus scan if it suspects a user’s computer has been infected with malware.
